diff --git a/pkgs/default.nix b/pkgs/default.nix index 55fd9f4..c1984ac 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -31,6 +31,8 @@ let uffd = callPackage ./uffd {}; + netbox = callPackage ./netbox { }; + inherit (unstable) vaultwarden vaultwarden-vault; }; diff --git a/pkgs/netbox/0001-add-uffd-oauth2-backend.patch b/pkgs/netbox/0001-add-uffd-oauth2-backend.patch new file mode 100644 index 0000000..07e9507 --- /dev/null +++ b/pkgs/netbox/0001-add-uffd-oauth2-backend.patch 
@@ -0,0 +1,70 @@
+From 00e282e32b46bb4b6040dc3810599c693306c0ec Mon Sep 17 00:00:00 2001
+From: David Croft
+Date: Thu, 24 Mar 2022 11:09:14 +0000
+Subject: [PATCH] add uffd oauth2 backend
+
+---
+ social_core/backends/uffd.py | 51 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 51 insertions(+)
+ create mode 100644 social_core/backends/uffd.py
+
+diff --git a/social_core/backends/uffd.py b/social_core/backends/uffd.py
+new file mode 100644
+index 00000000..fb8ffb62
+--- /dev/null
++++ b/social_core/backends/uffd.py
+@@ -0,0 +1,51 @@
++from urllib.parse import urlencode
++
++from .oauth import BaseOAuth2
++
++
++class UffdOAuth2(BaseOAuth2):
++ """Uffd OAuth2 authentication backend
++
++ You need to set the following config:
++ SOCIAL_AUTH_UFFD_KEY - client id
++ SOCIAL_AUTH_UFFD_SECRET - client secret
++ SOCIAL_AUTH_UFFD_BASE_URL - base url to uffd installation
++ """
++
++ name = 'uffd'
++ ACCESS_TOKEN_METHOD = 'POST'
++ REFRESH_TOKEN_METHOD = 'POST'
++ SCOPE_SEPARATOR = ' '
++ STATE_PARAMETER = True
++ REDIRECT_STATE = False
++ EXTRA_DATA = [
++ ('id', 'id'),
++ ]
++
++ def get_user_details(self, response):
++ """Return user details from a Uffd account"""
++ fullname, first_name, last_name = self.get_user_names(fullname=response.get('name'))
++ return {
++ 'username': response.get('nickname'),
++ 'email': response.get('email') or '',
++ 'fullname': fullname,
++ 'first_name': first_name,
++ 'last_name': last_name,
++ }
++
++ def user_data(self, access_token, *args, **kwargs):
++ """Loads user data from service"""
++ url = self.userinfo_url() + '?' + urlencode({'access_token': access_token})
++ try:
++ return self.get_json(url)
++ except ValueError:
++ return None
++
++ def authorization_url(self):
++ return self.setting('BASE_URL') + '/oauth2/authorize'
++
++ def access_token_url(self):
++ return self.setting('BASE_URL') + '/oauth2/token'
++
++ def userinfo_url(self):
++ return self.setting('BASE_URL') + '/oauth2/userinfo'
+--
+2.38.1
+
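Review bot: The access token is placed in the query string in `user_data` (`self.userinfo_url() + '?' + urlencode({'access_token': access_token})`), so it can end up in the uffd web server's access log and in any proxy log on the path. If the uffd userinfo endpoint accepts bearer tokens in the header (not visible from this patch), prefer `return self.get_json(self.userinfo_url(), headers={'Authorization': 'Bearer ' + access_token})`. The `except ValueError: return None` branch also hides a malformed userinfo reply from the caller, so a one-line comment such as `# non-JSON reply: treat as "no profile data"` would make that choice explicit.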
diff --git a/pkgs/netbox/default.nix b/pkgs/netbox/default.nix
new file mode 100644
index 0000000..114593b
--- /dev/null
+++ b/pkgs/netbox/default.nix
@@ -0,0 +1,99 @@
+# note: this file has been copied out of nixpkgs 22.05, except for
+# that bit where we add the patch for uffd. There does not seem to
+# be a better way to do this, since successive overrides to the
+# python package set revert each other, and this file does such an
+# override.
+
+{ lib
+, pkgs
+, fetchFromGitHub
+, nixosTests
+, python3
+
+, plugins ? ps: [] }:
+
+let
+ py = python3.override {
+ packageOverrides = self: super: {
+ django = super.django_4;
+ social-auth-core = super.social-auth-core.overrideAttrs ( old: {
+ patches = [ ./0001-add-uffd-oauth2-backend.patch ];
+ } );
+ };
+ };
+
+
+ extraBuildInputs = plugins py.pkgs;
+in
+py.pkgs.buildPythonApplication rec {
+ pname = "netbox";
+ version = "3.2.1";
+
+ src = fetchFromGitHub {
+ owner = "netbox-community";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-iA0KIgaHQh0OsN/tXmTATIlvnf0aLRdjeQ6VkiR9VJ4=";
+ };
+
+ format = "other";
+
+ patches = pkgs.netbox.patches;
+
+ propagatedBuildInputs = with py.pkgs; [
+ django_4
+ django-cors-headers
+ django-debug-toolbar
+ django-filter
+ django-graphiql-debug-toolbar
+ django-mptt
+ django-pglocks
+ django-prometheus
+ django-redis
+ django-rq
+ django-tables2
+ django-taggit
+ django-timezone-field
+ djangorestframework
+ drf-yasg
+ swagger-spec-validator # from drf-yasg[validation]
+ graphene-django
+ jinja2
+ markdown
+ markdown-include
+ mkdocs-material
+ netaddr
+ pillow
+ psycopg2
+ pyyaml
+ social-auth-core
+ social-auth-app-django
+ svgwrite
+ tablib
+ jsonschema
+ ] ++ extraBuildInputs;
+
+ installPhase = ''
+ mkdir -p $out/opt/netbox
+ cp -r .
$out/opt/netbox + chmod +x $out/opt/netbox/netbox/manage.py + makeWrapper $out/opt/netbox/netbox/manage.py $out/bin/netbox \ + --prefix PYTHONPATH : "$PYTHONPATH" + ''; + + passthru = { + # PYTHONPATH of all dependencies used by the package + pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs; + + tests = { + inherit (nixosTests) netbox; + }; + }; + + meta = with lib; { + homepage = "https://github.com/netbox-community/netbox"; + description = "IP address management (IPAM) and data center infrastructure management (DCIM) tool"; + license = licenses.asl20; + maintainers = with maintainers; [ n0emis raitobezarius ]; + }; + } diff --git a/services/netbox.nix b/services/netbox.nix index a91e4a9..0a4ffd3 100644 --- a/services/netbox.nix +++ b/services/netbox.nix @@ -7,6 +7,12 @@ localAddress = "192.168.140.10"; autoStart = true; + bindMounts = { + "/persist" = { + hostPath = "/persist/containers/netbox"; + isReadOnly = false; + }; + }; path = (evalConfig { hosts = { }; groups = { }; @@ -18,12 +24,24 @@ imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ]; + + services.netbox = { enable = true; - secretKeyFile = "/var/lib/netbox/secret"; listenAddress = "0.0.0.0"; - }; + secretKeyFile = "/persist/var/lib/netbox/secret"; + # this is set by the nopersist profile + # dataDir = lib.mkForce "/persistvar/lib/netbox"; + + extraConfig = '' + REMOTE_AUTH_BACKEND = 'social_core.backends.uffd.UffdOAuth2' + SOCIAL_AUTH_UFFD_KEY = "netbox" + SOCIAL_AUTH_UFFD_BASE_URL = "https://login.infra4future.de" + with open("/uffd-secret", "r") as file: + SOCIAL_AUTH_UFFD_SECRET = file.readline().replace("\n", "") + ''; + }; services.coredns = { enable = true; @@ -42,5 +60,6 @@ locations."/" = { proxyPass = "http://${config.containers.netbox.localAddress}:8001"; }; + locations."/static".root = "/persist/containers/netbox/var/lib/netbox"; }; }
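Review bot: The `overrideAttrs` on `social-auth-core` in pkgs/netbox/default.nix assigns `patches` outright, which discards any patches the nixpkgs derivation already carries, including backported fixes; `patches = (old.patches or [ ]) ++ [ ./0001-add-uffd-oauth2-backend.patch ];` keeps them. Separately, because this file is a copy that hard-codes `version = "3.2.1"` and its `sha256`, NetBox will no longer follow nixpkgs updates. The header comment should say who bumps the version when upstream ships a security release.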
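Review bot: The OAuth client secret in `extraConfig` (services/netbox.nix) is read from `/uffd-secret`, a path outside the `/persist` bind mount added earlier in this file, and nothing in the diff creates the file or restricts its owner and mode. With the `nopersist` profile imported, the container root is presumably not kept across restarts, so placing the file under `/persist` next to `secretKeyFile` and making it readable only by the NetBox service user would be more predictable. `file.readline().strip()` would also tolerate a trailing `\r` or spaces that `.replace("\n", "")` leaves in the secret. The commented `dataDir` example reads `/persistvar/lib/netbox`, which looks like a missing slash.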
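Review bot: `locations."/static".root` points nginx at the whole NetBox data directory, the same directory that holds the `secret` file named by `secretKeyFile`, and the prefix `/static` without a trailing slash also matches URIs such as `/staticX`. Only paths beginning with `/static` are mapped today, but narrowing the served tree removes the reliance on that. Consider `locations."/static/".alias = "/persist/containers/netbox/var/lib/netbox/static/";`, assuming the collected static files live in a `static` subdirectory, which this diff does not show.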